8/13/2019 cisco lab 56
The Ultimate CCNA Lab Workbook
Labs Designed For CCNA Rack Rentals
At www.thebryantadvantage.com
Chris Bryant, CCIE #12933
www.thebryantadvantage.com
2005 The Bryant Advantage
Copyright Information:
Cisco, Cisco Systems, CCIE, Cisco Certified Internetwork Expert, Cisco Certified Network Associate, and Cisco Certified Network Professional are registered trademarks of Cisco Systems, Inc., and/or its affiliates in the U.S. and certain countries.
All other products and company names are the trademarks, registered trademarks, and service marks of the respective owners. Throughout this ebook, The Bryant Advantage has used its best efforts to distinguish proprietary trademarks from descriptive names by following the capitalization styles used by the manufacturer.
Disclaimer:
This publication, The Bryant Advantage CCNA Lab Workbook, is designed and intended to assist candidates in preparation for the exam for the Cisco Certified Network Associate and Cisco Certified Network Professional certifications. All efforts have been made by the author to make this book as accurate and complete as possible, but no guarantee, warranty, or fitness are implied, expressly or implicitly. The enclosed material is presented on an "as is" basis. Neither the author, Bryant Instructional Services, or the parent company assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this workbook.
Copyright 2005, The Bryant Advantage.
Please Read The Following Rules Carefully. They're Not The Usual "mumbo jumbo" Legalities.

By connecting to my remote labs, you agree to abide by the following rules.
1. Do not change the configuration of the access server in any way. Doing so may end your session, and a refund will not be given. You will also be prohibited from renting the pods in the future.
2. Do not change the configuration register of any router or switch.
3. You are more than welcome to practice your enable secret, enable password, console password, and telnet passwords. However, you MUST use the passwords "cisco" or "ccna", without the quotation marks. Upper case or lower case is fine.
Thank you!

Connecting To Your Remote Pod

Getting started with your pod of Cisco routers and 2950 switches is easy! First, you'll need to Telnet to your access server. The IP address, username, and password for your session were sent to you in a separate email. (The phone numbers for your ISDN connection are also in that email.)
You can use any Telnet version to connect to your access server. You can use HyperTerminal if you like, but I've seen some versions have trouble with Telnet. If you use HyperTerminal and have trouble authenticating, use Telnet by going out to your C: prompt.
From your C: prompt, you can type "telnet" to go into Microsoft Telnet, or type "telnet x.x.x.x", with the IP address in place of the x's.

C:\> telnet
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet> open 100.100.100.100 (put the IP address you were sent in email in place of the 100.100.100.100)
User Access Verification
Username:
Password:

OR:

C:\>telnet 100.100.100.100
User Access Verification
Username:
Password:

A few tips for logging in:
1. You will be prompted for a username, then a password.
2. Do not hit the space bar at the end of entering either; this will send a null space and you will not be authenticated.
3. The cursor WILL NOT MOVE when you enter your username and password. That's a Cisco default. You will not see asterisks, as you do when logging in to most Microsoft products.

After entering your username and password, you'll be put into privileged exec mode on the access server:
User Access Verification
Password:
BRYANT_POD_ONE#

Your three routers and two Cisco 2950 switches are all connected to this access server. Here's how to access each device.
First, clear the lines leading to the other devices.

BRYANT_POD_ONE#clear line 01
[confirm]
[OK]
BRYANT_POD_ONE#clear line 02
[confirm]
[OK]
BRYANT_POD_ONE#clear line 03
[confirm]
[OK]
BRYANT_POD_ONE#clear line 04
[confirm]
[OK]
BRYANT_POD_ONE#clear line 05
[confirm]
[OK]
BRYANT_POD_ONE#

When you see the [confirm] choice, just hit your Enter key to accept it.
Now that the lines are cleared, you're going to connect to each device from your access server. This reads like a long process, but it will only take you a minute or two.
Type R1 at the prompt:

BRYANT_POD_ONE#r1
Trying R1 (100.1.1.1, 2001)... Open
R1#

Note: When you see the word "Open", hit the Enter key again. You'll then see the prompt for R1.
Now, you need to learn the big keystroke that you'll be using to go back to the access server. Here it is:

<CTRL-SHIFT-6> X

This keystroke is a little awkward at first, but before long you'll be doing it without thinking about it. You hit ctrl-shift-6 the same way you'd enter ctrl-alt-delete (we all know that one!), then release those keys and hit x. Then you're right back at the access server. Repeat the process for R2, R3, SW1, and SW2.

R1# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#r2
Trying R2 (100.1.1.1, 2002)... Open
R2# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#r3
Trying R3 (100.1.1.1, 2003)... Open
R3# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#sw1
Trying SW1 (100.1.1.1, 2004)... Open
sw1# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#sw2
Trying SW2 (100.1.1.1, 2005)... Open
sw2# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#

Remember, you're always coming back to the access server to get from one router to another. Before long, you'll be using that keystroke without even thinking about it.
Now that you've created those connections, you will use only the number of the connection to go back to each device. At the access server, just type these numbers to get to each device:
1: R1
2: R2
3: R3
4: SW1
5: SW2

Don't type the entire name of the device again; just type the numbers you see here on the access server, as shown below.

BRYANT_POD_ONE#1
[Resuming connection 1 to r1 ... ]
R1#
BRYANT_POD_ONE#2
[Resuming connection 2 to r2 ... ]
R2#
BRYANT_POD_ONE#3
[Resuming connection 3 to r3 ... ]
R3#
BRYANT_POD_ONE#4
[Resuming connection 4 to sw1 ... ]
sw1#
BRYANT_POD_ONE#5
[Resuming connection 5 to sw2 ... ]
sw2#
BRYANT_POD_ONE#

Don't forget to hit Enter again after you see the "resuming connection" message. That will get you to the enable prompt.
That's all there is to it!
IP Addressing Lab

You've got to know how to assign IP addresses to pass the CCNA exams, and you're about to get a lot of practice. We're going to configure physical interfaces, logical interfaces, and loopback interfaces.
You also need to know how to name a router. We do this with the hostname command. Change the names of the routers to whatever you like, but after practicing this command, change the names back to R1, R2, R3, SW1, and SW2. Those are the names you'll see throughout the lab workbook.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#hostname Router1
Router1(config)#hostname R1
R1(config)#^Z
R1#

The ^Z you'll see on the screen is what ctrl-z sends to the console, and of course, you know from your CCNA reading that ctrl-z brings you back out to the enable prompt.
Notice that the hostname command took effect immediately, as all global commands do.
Let's take a look at the networks we'll be configuring.

Network Type                                    Network / Subnet Mask
Ethernet (R2, R3)                               172.23.23.0 /27
ISDN (R1, R2)                                   172.12.21.0 /30
Serial to Frame Relay Cloud (All)               172.12.123.0 /24
Directly Connected Serial Interfaces (R1, R3)   172.12.13.0 /24
Router 1 Loopback Address                       1.1.1.1 /32
Router 2 Loopback Address                       2.2.2.2 /32
Router 3 Loopback Address                       3.3.3.3 /32
Let's start with R1. DO NOT OPEN THE SERIAL 0 INTERFACES.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial0
R1(config-if)#ip address 172.12.123.1 255.255.255.0
R1(config-if)#interface serial1
R1(config-if)#ip address 172.12.13.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#
00:18:34: %LINK-3-UPDOWN: Interface Serial1, changed state to down
R1(config-if)#interface loopback0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#interface bri0
R1(config-if)#ip address 172.12.21.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#
00:19:11: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:19:11: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:19:11: %LINK-3-UPDOWN: Interface BRI0, changed state to up
00:19:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
00:19:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
R1(config-if)#wr
Building configuration.

Don't worry about the line protocols being down; other labs will take care of that. All we're doing right now is setting the IP addresses and opening the interfaces. Get used to saving your work as often as possible with "wr", short for "write". Use IOS Help to see the options and the defaults. (Remember, IOS Help is the question mark symbol.)
Don't forget to open the interfaces! If you're having a connectivity problem and run a command such as show interface ethernet 0, and you see the following, it means the interface is manually closed and needs to be opened with the no shut command.

R2#show interface ethernet0
Ethernet0 is administratively down, line protocol is down

Now configure R2's interfaces. Do not open interface serial0.
R2(config)#interface serial0
R2(config-if)#encap frame
R2(config-if)#no frame inverse-arp
R2(config-if)#interface serial 0.123 multipoint
R2(config-subif)#ip address 172.12.123.2 255.255.255.0
R2(config-subif)#interface bri0
R2(config-if)#ip address 172.12.21.2 255.255.255.252
R2(config-if)#no shut
R2(config-if)#
00:27:23: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:27:23: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:27:23: %LINK-3-UPDOWN: Interface BRI0, changed state to up
R2(config-if)#i
00:27:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
00:27:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
R2(config-if)#interface ethernet0
R2(config-if)#ip address 172.23.23.2 255.255.255.224
R2(config-if)#no shut
00:28:45: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:28:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
R2(config-if)#interface loopback0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#^Z
R2#

Note that you configured Frame Relay on R2. That allows us to create the multipoint subinterface. Frame Relay will be covered completely in a later lab, but you cannot create that multipoint interface until you've enabled Frame Relay.
Also notice that you don't have to run no shut on a loopback interface. (It's not wrong if you do, but you don't have to.)
Let's configure R3's interfaces. Do not open interface serial0.

R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface serial 0
R3(config-if)#encap frame
R3(config-if)#no frame inverse-arp
R3(config-if)#interface serial0.31 point-to-point
R3(config-subif)#ip address 172.12.123.3 255.255.255.0
R3(config-subif)#interface serial 1
R3(config-if)#ip address 172.12.13.3 255.255.255.0
R3(config-if)#no shut
00:33:32: %LINK-3-UPDOWN: Interface Serial1, changed state to up
00:33:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
R3(config-if)#interface ethernet0
R3(config-if)#ip address 172.23.23.3 255.255.255.224
R3(config-if)#no shut
00:33:46: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:33:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
R3(config-if)#interface loopback0
00:33:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down
R3(config-if)#ip address 3.3.3.3 255.255.255.0
Again, note that you configured Frame Relay on the serial0 physical interface, then created a point-to-point subinterface. The Serial0 physical interface then had to be opened.
I urge you to not just walk through these labs, but to use the show and debug commands you'll read about in this book and in my Ultimate CCNA Study Guide PDF, and to use IOS Help often to see the other options. Take advantage of the fact that you're working with real Cisco routers and switches, not toys like simulator programs.
You do not need to configure IP addresses on the switches.
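
A way to check the three router sessions against the addressing table, as an added example that is not part of the workbook: the Python below parses the `interface` / `ip address` commands (retyped from the sessions above) and compares each one with the plan. The names `PLAN`, `CONFIGS`, `parse_interfaces` and `audit` are hypothetical; the one finding it reports is R3's loopback0, which the session configures with 255.255.255.0 while the table lists /32.

```python
import ipaddress
import re

# Addressing plan, copied from the table above.
PLAN = {
    "Ethernet (R2, R3)": "172.23.23.0/27",
    "ISDN (R1, R2)": "172.12.21.0/30",
    "Frame Relay cloud (all)": "172.12.123.0/24",
    "Serial R1-R3": "172.12.13.0/24",
    "R1 loopback": "1.1.1.1/32",
    "R2 loopback": "2.2.2.2/32",
    "R3 loopback": "3.3.3.3/32",
}

# Constructed input: the addressing commands retyped from the sessions above.
CONFIGS = {
    "R1": """
interface serial0
 ip address 172.12.123.1 255.255.255.0
interface serial1
 ip address 172.12.13.1 255.255.255.0
interface loopback0
 ip address 1.1.1.1 255.255.255.255
interface bri0
 ip address 172.12.21.1 255.255.255.252
""",
    "R2": """
interface serial 0.123 multipoint
 ip address 172.12.123.2 255.255.255.0
interface bri0
 ip address 172.12.21.2 255.255.255.252
interface ethernet0
 ip address 172.23.23.2 255.255.255.224
interface loopback0
 ip address 2.2.2.2 255.255.255.255
""",
    "R3": """
interface serial0.31 point-to-point
 ip address 172.12.123.3 255.255.255.0
interface serial 1
 ip address 172.12.13.3 255.255.255.0
interface ethernet0
 ip address 172.23.23.3 255.255.255.224
interface loopback0
 ip address 3.3.3.3 255.255.255.0
""",
}

IFACE_RE = re.compile(r"^interface\s+(.+)$", re.IGNORECASE)
ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$")


def parse_interfaces(config):
    """Yield (interface name, IPv4Interface) for every 'ip address' line."""
    name = None
    for line in config.splitlines():
        match = IFACE_RE.match(line.strip())
        if match:
            # Drop the subinterface type and normalise "serial 0.123" to "serial0.123".
            words = [w for w in match.group(1).split()
                     if w not in ("multipoint", "point-to-point")]
            name = "".join(words).lower()
            continue
        match = ADDR_RE.match(line)
        if match and name:
            yield name, ipaddress.ip_interface(f"{match.group(1)}/{match.group(2)}")


def audit(configs, plan):
    """Return (router, interface, address, problem) tuples for plan violations."""
    planned = {ipaddress.ip_network(net): label for label, net in plan.items()}
    findings, seen = [], {}
    for router, config in configs.items():
        for name, iface in parse_interfaces(config):
            where = (router, name, iface.with_prefixlen)
            net = iface.network
            if net not in planned:
                # Same address space but a different prefix length is a mask error.
                near = [str(p) for p in planned if p.overlaps(net)]
                problem = (f"mask differs from plan entry {near[0]}" if near
                           else "network not in plan")
                findings.append(where + (problem,))
            elif net.prefixlen < 31 and iface.ip in (net.network_address,
                                                     net.broadcast_address):
                findings.append(where + ("network or broadcast address used as host",))
            if iface.ip in seen:
                findings.append(where + (f"duplicate of {seen[iface.ip]}",))
            seen[iface.ip] = f"{router} {name}"
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS, PLAN):
        print(*finding, sep=" | ")
```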
There's another command I'd like to introduce you to, since we all mistype from time to time. Notice what happens when you mistype a command on a Cisco router:

R3#hudjgmg
Translating "hudjgmg"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address

By default, a Cisco router or switch is going to attempt to resolve a mistyped command via DNS. That's what the "domain server" is that it's looking for, and of course you know that 255.255.255.255 is a layer 3 broadcast.
This only takes about 15 seconds to come back with the "unknown command" line in a practice lab, but it can take much longer in a production network. To disable this default behavior, use the global command no ip domain-lookup on each device in your pod. Notice that immediately after using this command, the router tries to resolve the command locally but does not send the broadcast out.

R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#no ip domain-lookup
R3(config)#^Z
R3#jfujjke
00:50:24: %SYS-5-CONFIG_I: Configured from console by console
R3#jfujjke
Translating "jfujjke"
% Unknown command or computer name, or unable to find computer address

As with all commands you read about and practice with in my books, do not run a command on a production network unless you are sure of the result. VERY sure. This is particularly true of the debugs you'll be using in my labs.
Congratulations! You've now configured plenty of IP addresses. If you're confronted with that task on one of your CCNA exams, you're more than ready. Just don't forget to open the interfaces on exam day!
LAN Switching Lab

With the command vtp domain, place both switches in the VTP domain CCNA. Enable pruning with the vtp pruning command. You can also set a password of CISCO for VTP.

SW1#conf t
SW1(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
SW1(config)#vtp password CISCO
Setting device VLAN database password to CISCO
SW1(config)#vtp pruning
Pruning switched on

SW2#conf t
SW2(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
SW2(config)#vtp password CISCO
Setting device VLAN database password to CISCO
SW2(config)#vtp pruning
Pruning switched on

The VTP domain name changes from "null", indicating that there was no VTP domain previously set.
Run show vtp status on both routers to ensure they belong to the correct VTP domain.

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CCNA
VTP Pruning Mode                : Enabled

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CCNA
VTP Pruning Mode                : Enabled

By default, both switches are in VTP Server mode. With the vtp mode client command, put SW2 in VTP client mode. All VLANs created in this lab will now have to be created on SW1, the VTP Server. Verify the change with show vtp status.

SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp
01:10:41: %SYS-5-CONFIG_I: Configured from console by console
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW2(config)#^Z
01:10:47: %SYS-5-CONFIG_I: Configured from console by console
SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 64
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : CCNA
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB2 0xD2 0xE9 0x70 0xF1 0x6B 0xA1 0x04
Configuration last modified by 0.0.0.0 at 3-1-93 01:10:14
Run show cdp neighbors on the switches to see what devices are directly connected to the switches.

SW1#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce    Holdtme    Capability    Platform      Port ID
SW2          Fas 0/12         152        S I           WS-C2950-1    Fas 0/12
SW2          Fas 0/11         152        S I           WS-C2950-1    Fas 0/11
R2           Fas 0/2          129        R             2520          Eth 0

SW2#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce    Holdtme    Capability    Platform      Port ID
SW1          Fas 0/12         150        S I           WS-C2950-2    Fas 0/12
SW1          Fas 0/11         150        S I           WS-C2950-2    Fas 0/11
R3           Fas 0/3          138        R             2500          Eth 0

You can see in the output of show cdp neighbors that the two switches are connected at fast 0/11 and fast 0/12. Show interface trunk shows that the trunk has already been created dynamically, with no additional configuration.
SW2#show interface trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      1
Fa0/12    desirable    802.1q         trunking      1
Port      Vlans allowed on trunk
Fa0/11    1-4094
Fa0/12    1-4094
Port      Vlans allowed and active in management domain
Fa0/11    1
Fa0/12    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/11    1
Fa0/12    none

Show vlan brief reinforces the theory that by default, all switch ports are placed into VLAN 1 (except the trunk ports).

SW2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10

R2 and R3's Ethernet addresses have already been configured, the trunk line is operational, and both ports are in VLAN 1. Ping R2's Ethernet interface from R3, and then R3's Ethernet interface from R2 to verify IP connectivity.
R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

With pings, exclamation points indicate good connectivity, and periods indicate no connectivity.
Now, create VLAN 23. Try creating this VLAN on SW2 first.

SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vlan 23
VTP VLAN configuration not allowed when device is in CLIENT mode.

As you can see, you cannot create, delete, or modify VLANs on VTP clients. This VLAN will have to be created on SW1, the VTP server. After doing so, the VTP client should see VLAN 23 as well.

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan 23
SW1(config-vlan)#^Z
01:23:34: %SYS-5-CONFIG_I: Configured from console by console
SW1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
23   VLAN0023                         active
SW2#show vlan br
01:23:55: %SYS-5-CONFIG_I: Configured from console by console
SW2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
23   VLAN0023                         active

On SW1, put port fast 0/2 into VLAN 23. (That's the port connected to R2.) Verify with show vlan brief.

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int fast 0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 23
SW1(config-if)#^Z
SW1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24
23   VLAN0023                         active    Fa0/2
Now that R2 and R3 are in separate VLANs, can they still send pings back and forth?

R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
.....

No, they can't. The difference is that they're now in separate VLANs, and devices in different VLANs can't communicate unless routing is taking place somewhere. Here, no routing is taking place, so the pings don't go through.
Put R3's switch port into VLAN 23, and try the ping again.

SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface fast0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 23
SW2(config-if)#^Z
01:31:57: %SYS-5-CONFIG_I: Configured from console by console
SW2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10
23   VLAN0023                         active    Fa0/3

R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
!!!!!

Now that R2 and R3 are in the same VLAN, pings can go through.
On SW1, view the spanning tree information for VLAN 23 with the show spanning-tree vlan 23 command. Do the same on SW2.

SW1#show spanning vlan 23
VLAN0023
  Spanning tree enabled protocol ieee
  Root ID    Priority    32791
             Address     000e.d7f5.a040
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32791  (priority 32768 sys-id-ext 23)
             Address     000e.d7f5.a040
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 100       128.2    Shr
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/12           Desg FWD 19        128.12   P2p

SW2#show spanning vlan 23
VLAN0023
  Spanning tree enabled protocol ieee
  Root ID    Priority    32791
             Address     000e.d7f5.a040
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32791  (priority 32768 sys-id-ext 23)
             Address     000f.90e2.14c0
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#spanning-tree vlan 23 root primary
SW2(config)#^Z
SW2#show spanning vlan 23
VLAN0023
  Spanning tree enabled protocol ieee
  Root ID    Priority    24599
             Address     000f.90e2.14c0
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24599  (priority 24576 sys-id-ext 23)
             Address     000f.90e2.14c0
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------
Fa0/3            Desg FWD 100       128.3    Shr
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/12           Desg FWD 19        128.12   P2p
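
The root election visible in these outputs, as an added Python example that is not part of the workbook: the bridge with the numerically lowest (priority, MAC address) pair becomes root, and the displayed priority is a 4-bit configured priority plus a 12-bit system ID extension carrying the VLAN number, which is why 32768 appears as 32791 for VLAN 23. The function names are hypothetical and the sample text is retyped from the SW2 outputs above.

```python
import re

# Constructed: Root ID / Bridge ID lines retyped from the SW2 outputs above,
# before and after "spanning-tree vlan 23 root primary".
SW2_BEFORE = """\
Root ID    Priority    32791
           Address     000e.d7f5.a040
Bridge ID  Priority    32791  (priority 32768 sys-id-ext 23)
           Address     000f.90e2.14c0
"""
SW2_AFTER = """\
Root ID    Priority    24599
           Address     000f.90e2.14c0
Bridge ID  Priority    24599  (priority 24576 sys-id-ext 23)
           Address     000f.90e2.14c0
"""

ID_RE = re.compile(r"(Root|Bridge) ID\s+Priority\s+(\d+)")
ADDR_RE = re.compile(r"Address\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})")


def parse_ids(output):
    """Return {'root': (priority, mac), 'bridge': (priority, mac)}."""
    ids, role, priority = {}, None, None
    for line in output.splitlines():
        match = ID_RE.search(line)
        if match:
            role, priority = match.group(1).lower(), int(match.group(2))
            continue
        match = ADDR_RE.search(line)
        if match and role:
            ids[role] = (priority, match.group(1).lower())
            role = None
    return ids


def split_priority(priority):
    """Split the 16-bit priority field into (configured priority, VLAN ID)."""
    return priority & 0xF000, priority & 0x0FFF


def sort_key(bridge_id):
    """Bridge IDs compare by priority first, then by MAC address."""
    priority, mac = bridge_id
    return priority, int(mac.replace(".", ""), 16)


def elect_root(bridges):
    """Name of the bridge with the lowest (priority, MAC) pair."""
    return min(bridges, key=lambda name: sort_key(bridges[name]))


def is_root(output):
    """True when the switch that produced this output is the root bridge."""
    ids = parse_ids(output)
    return ids["root"] == ids["bridge"]


if __name__ == "__main__":
    before, after = parse_ids(SW2_BEFORE), parse_ids(SW2_AFTER)
    # Equal priorities: SW1 wins on the lower MAC address.
    print(elect_root({"SW1": before["root"], "SW2": before["bridge"]}))
    # After "root primary" SW2 advertises 24576 + 23 and wins on priority.
    print(elect_root({"SW1": before["root"], "SW2": after["bridge"]}))
```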
On SW1, configure PortFast on the port leading to R2 with spanning portfast, and note the warning the router displays. Remove PortFast with no spanning portfast.

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int fast 0/2
SW1(config-if)#spanning portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/2 but will only
have effect when the interface is in a non-trunking mode.
SW1(config-if)#no spanning portfast
SW1(config-if)#^Z
SW1#
Combine the two physical connections between the two switches into one logical connection by creating an EtherChannel. On each of the ports physically connected to the other switch, run channel-group 1 mode on.

SW1#conf t
SW1(config)#interface fast 0/11
SW1(config-if)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
03:37:59: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
SW1(config)#interface fast 0/12
SW1(config-if)#channel-group 1 mode on

SW2#conf t
SW2(config)#interface fast 0/11
SW2(config-if)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
03:38:11: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
SW2(config-if)#interface fast 0/12
SW2(config-if)#channel-group 1 mode on

One benefit of EtherChannels is that the bandwidth of both physical channels is now being used. (STP put one of the ports in blocking mode; only one physical path was being used.) Another benefit is that STP considers the EtherChannel to be one single connection; if one of the two lines went down, the STP algorithm would not run, and there would be no break in transmission, since STP is only concerned with the logical port-channel, not the physical interfaces:

SW1#show spanning vlan 23
VLAN0023
  Spanning tree enabled protocol ieee
  Root ID    Priority    24599
             Address     000a.8a4b.fb00
             Cost        12
             Port        65 (Port-channel1)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32791  (priority 32768 sys-id-ext 23)
             Address     0009.b738.9180
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -----------------------------
Po1              Root FWD 12        128.65   P2p
Frame Relay Lab

A hub-and-spoke Frame Relay network will now be configured, with R1 serving as the hub and R2 and R3 as the spokes. First, configure Frame Relay on R1's Serial0 interface with encapsulation frame-relay, and disable dynamic mapping with no frame-relay inverse-arp. After doing so, run show frame map on R1; no mappings should appear.

R1#conf t
R1(config)#interface serial0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1#show frame map
R1#

If nothing appears after running show frame map, as shown here, no maps exist.

Configure two Permanent Virtual Circuits (PVC) on R1 with two frame map statements, mapping DLCI 122 to R2 and DLCI 123 to R3. Ensure that broadcasts will be sent over these virtual circuits with the broadcast keyword. Run show frame map after doing so.

Configuring frame map statements on the hub router.

R1#conf t
R1(config)#interface serial0
R1(config-if)#frame map ip 172.12.123.2 122 broadcast
R1(config-if)#frame map ip 172.12.123.3 123 broadcast
R1(config-if)#int s0
R1(config-if)#no shut
R1(config-if)#
03:05:51: %LINK-3-UPDOWN: Interface Serial0, changed state to up
03:05:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
R1#show frame map
Serial0 (up): ip 172.12.123.2 dlci 122(0x7A,0x1CA0), static,
              broadcast,
              CISCO, status defined, inactive
Serial0 (up): ip 172.12.123.3 dlci 123(0x7B,0x1CB0), static,
              broadcast,
              CISCO, status defined, inactive

The mappings are inactive because Frame Relay has not yet been configured on the remote routers R2 and R3.
You configured a point-to-point interface on R3 in the previous lab. The command for Frame Relay is a little different in this situation:

R3#conf t
R3(config)#interface serial0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no frame-relay inverse-arp
R3(config-if)#interface serial 0.31 point-to-point
R3(config-subif)#frame-relay interface-dlci 321
R3(config-subif)#int s0
R3(config-if)#no shut
03:06:52: %LINK-3-UPDOWN: Interface Serial0, changed state to up
03:06:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

Point-to-point Serial interfaces on a Frame Relay network do not use dynamic or static mappings. A point-to-point interface has only one possible destination, the other end of the point-to-point connection. With only one possible destination, no mapping is necessary. Instead, the command frame-relay interface-dlci indicates the single DLCI that will be used by this interface.

R3#show frame map
Serial0.31 (up): point-to-point dlci, dlci 321(0x141,0x5010), broadcast
                 status defined, active

From each router, ping the other two routers' Serial interfaces on the Frame Relay network. All pings will be successful. Run show frame lmi and show frame map on each router as well. Notice that the LMI counters are incrementing, and the frame map commands show all maps as active. (Only R1 is shown here, but send pings and run your show commands on all three routers.)

R1#ping 172.12.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms

R1#ping 172.12.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
R1#show frame lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 256              Num Status msgs Rcvd 240
  Num Update Status Rcvd 0              Num Status Timeouts 16
The router is receiving LMI status messages, but when the LMI type was changed, the
Status Timeouts began to accrue. This command gives an indication that there is a
problem with the LMIs. The LMIs are the heartbeat of frame relay; without the right
LMIs, the frame connection dies.
Run debug frame lmi on R1.
R1#debug frame lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
00:52:12: Serial0(out): StEnq, myseq 31, yourseen 0, DTE down
00:52:12: datagramstart = 0xE0183C, datagramsize = 14
00:52:12: FR encap = 0x00010308
00:52:12: 00 75 95 01 01 00 03 02 1F 00
00:52:12:
00:52:22: Serial0(out): StEnq, myseq 32, yourseen 0, DTE down
00:52:22: datagramstart = 0xE0183C, datagramsize = 14
00:52:22: FR encap = 0x00010308
00:52:22: 00 75 95 01 01 00 03 02 20 00
00:52:22:
00:52:32: Serial0(out): StEnq, myseq 33, yourseen 0, DTE down
00:52:32: datagramstart = 0xE0183C, datagramsize = 14
00:52:32: FR encap = 0x00010308
00:52:32: 00 75 95 01 01 00 03 02 21 00
The myseq value continues to increase, but the yourseen value remains at 0.
Between debug frame lmi and show frame lmi, it can be seen that LMI messages are
being received from the DCE, but not accepted: another indicator of an LMI mismatch.
Leave that debug command on, and change the LMI default back to
Cisco. (You must know all three LMI types before taking the CCNA
exams!)
R1#debug frame lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
R1#conf t
R1(config)#interface serial0
R1(config-if)#frame-relay lmi-type cisco
00:56:22: Serial0(out): StEnq, myseq 1, yourseen 0, DTE down
00:56:22: datagramstart = 0xE0183C, datagramsize = 13
00:56:22: FR encap = 0xFCF10309
00:56:22: 00 75 01 01 00 03 02 01 00
00:56:22: Serial0(in): Status, myseq 1
00:56:22: RT IE 1, length 1, type 0
00:56:22: KA IE 3, length 2, yourseq 1 , myseq 1
00:56:22: PVC IE 0x7 , length 0x6 , dlci 122, status 0x2 , bw 0
00:56:22: PVC IE 0x7 , length 0x6 , dlci 123, status 0x2 , bw 0
00:56:32: Serial0(out): StEnq, myseq 2, yourseen 1, DTE down
00:56:32: datagramstart = 0xE0183C, datagramsize = 13
00:56:32: FR encap = 0xFCF10309
00:56:32: 00 75 01 01 01 03 02 02 01
00:56:32: Serial0(in): Status, myseq 2
00:56:32: RT IE 1, length 1, type 0
00:56:32: KA IE 3, length 2, yourseq 2 , myseq 2
00:56:32: PVC IE 0x7 , length 0x6 , dlci 122, status 0x2 , bw 0
00:56:32: PVC IE 0x7 , length 0x6 , dlci 123, status 0x2 , bw 0
00:56:42: Serial0(out): StEnq, myseq 3, yourseen 2, DTE up
00:56:42: datagramstart = 0xE0183C, datagramsize = 13
00:56:42: FR encap = 0xFCF10309
00:56:42: 00 75 01 01 01 03 02 03 02
00:56:42: Serial0(in): Status, myseq 3
00:56:42: RT IE 1, length 1, type 1
00:56:42: KA IE 3, length 2, yourseq 3 , myseq 3
00:56:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
00:57:22: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 122 state changed to ACTIVE
00:57:22: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 123 state changed to ACTIVE
The incoming myseq packets are now being accepted, and the outgoing messages see
the yourseen value begin to accrue. The DTE end of the connection goes up, the line
protocol goes up soon after that, and finally the previously deleted DLCIs are again
active.
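The two traces above, checked programmatically: an added Python example (not part of the workbook) that reads debug frame lmi output and flags an interface whose myseq keeps changing while yourseen stays at 0. The sample lines are copied from the traces above; the verdict names and the min_enquiries parameter are this example's own.

```python
import re
from collections import defaultdict

# Outbound Status Enquiry and inbound Status lines as printed by "debug frame lmi".
STENQ_RE = re.compile(
    r"^\d\d:\d\d:\d\d: (?P<intf>\S+)\(out\): StEnq, "
    r"myseq (?P<myseq>\d+), yourseen (?P<yourseen>\d+), DTE (?P<dte>up|down)"
)
STATUS_RE = re.compile(r"^\d\d:\d\d:\d\d: (?P<intf>\S+)\(in\): Status, myseq \d+")

# Lines copied from the first trace above (LMI type mismatched on R1).
MISMATCH_TRACE = """\
00:52:12: Serial0(out): StEnq, myseq 31, yourseen 0, DTE down
00:52:12: datagramstart = 0xE0183C, datagramsize = 14
00:52:22: Serial0(out): StEnq, myseq 32, yourseen 0, DTE down
00:52:32: Serial0(out): StEnq, myseq 33, yourseen 0, DTE down
"""

# Lines copied from the second trace above (LMI type set back to Cisco).
RECOVERY_TRACE = """\
00:56:22: Serial0(out): StEnq, myseq 1, yourseen 0, DTE down
00:56:22: Serial0(in): Status, myseq 1
00:56:32: Serial0(out): StEnq, myseq 2, yourseen 1, DTE down
00:56:32: Serial0(in): Status, myseq 2
00:56:42: Serial0(out): StEnq, myseq 3, yourseen 2, DTE up
00:56:42: Serial0(in): Status, myseq 3
"""


def parse_lmi_debug(text):
    """Collect, per interface, the enquiries sent and the Status replies accepted."""
    stats = defaultdict(lambda: {"enquiries": [], "replies": 0})
    for raw in text.splitlines():
        line = raw.strip()
        match = STENQ_RE.match(line)
        if match:
            stats[match["intf"]]["enquiries"].append(
                (int(match["myseq"]), int(match["yourseen"]), match["dte"]))
            continue
        match = STATUS_RE.match(line)
        if match:
            stats[match["intf"]]["replies"] += 1
    return dict(stats)


def diagnose(text, min_enquiries=3):
    """Return {interface: verdict} for every interface seen in the debug text."""
    verdicts = {}
    for intf, seen in parse_lmi_debug(text).items():
        enquiries = seen["enquiries"]
        if len(enquiries) < min_enquiries:
            verdicts[intf] = "insufficient-data"
            continue
        # The router keeps sending (myseq changes) but never acknowledges a reply.
        still_sending = len({e[0] for e in enquiries}) > 1
        never_acknowledged = all(e[1] == 0 for e in enquiries)
        last_yourseen, last_dte = enquiries[-1][1], enquiries[-1][2]
        if still_sending and never_acknowledged and seen["replies"] == 0:
            # The debug alone cannot tell a mismatch from a silent DCE;
            # "Num Status msgs Rcvd" in show frame lmi settles which it is.
            verdicts[intf] = "lmi-mismatch-suspected"
        elif last_yourseen > 0 and last_dte == "up":
            verdicts[intf] = "healthy"
        else:
            verdicts[intf] = "recovering"
    return verdicts


if __name__ == "__main__":
    print(diagnose(MISMATCH_TRACE))
    print(diagnose(RECOVERY_TRACE))
```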
Use IOS Help to see what the LMI options are.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int serial 0
R1(config-if)#frame lmi-type ?
cisco
ansi
q933a
Run show frame pvc on R1. Note the status for each DLCI, and the uptime.
R1#show frame pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
              Active     Inactive      Deleted       Static
  Local          2            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0
DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 5             output pkts 5            in bytes 520
  out bytes 520            dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:49:19, last time pvc status changed 00:01:15
DLCI = 123, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 17            output pkts 5            in bytes 4024
  out bytes 520            dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:49:12, last time pvc status changed 00:01:17
Before you take your CCNA exams, be very familiar with what each of
these commands shows you, and what the letters FECN, BECN, and DE
mean:
FECN: Congestion was experienced in the direction in which this
packet was traveling.
BECN: Congestion was experienced in the opposite direction in which
this packet was traveling.
DE: Packet was marked discard eligible.
ISDN / Point-To-Point Lab
R1 and R3 are directly connected via their S1 interfaces by a DTE/DCE
cable. Before taking your CCNA exams, you MUST know what
command will tell you whether the DTE or DCE end of the cable is
connected to a router. Here's how you do it:
show controller displays the DTE and DCE ends of the connection. The output of
these commands has been truncated for clarity.
R1#show controller serial 1
HD unit 1, idb = 0x107114, driver structure at 0x10C590
buffer size 1524 HD unit 1, V.35 DTE cable
R3#show controller serial 1
HD unit 1, idb = 0xC7D1C, driver structure at 0xCCAA0
buffer size 1524 HD unit 1, V.35 DCE cable
Ping R1's serial interface from R3.
R3#ping 172.12.13.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The escape sequence for pings is CTRL-SHIFT-6 performed twice in succession.
The ping fails. Run show interface serial1 to see why.
R3#show interface serial1
Serial1 is up, line protocol is down
Hardware is HD64570
Internet address is 172.12.13.3/24
The truncated output of show interface serial1 shows the physical interface is up, but
the line protocol is down.
0 Active Layer 3 Call(s)
Configure dialer map statements on R1 and R2, each mapping to the
other router's BRI interface. Ping R1's BRI interface from R2. Put the
phone numbers you were sent in email in place of the xxxxxxx you see
below.
NOTE: If you changed the names of R1 and R2, change them
back to those names with the hostname command. The
hostnames R1 and R2 will be used for authentication in this
lab, as you'll soon see.
R1#conf t
R1(config)#interface bri0
R1(config-if)#dialer map ip 172.12.21.2 name R2 broadcast xxxxxxx
R2#conf t
R2(config)#interface bri0
R2(config-if)#dialer map ip 172.12.21.1 name R1 broadcast xxxxxxx
R2#ping 172.12.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The dialer map configuration is correct, but the pings do not go through.
The ping fails because there is no interesting traffic defined that will
bring the line up. Using the dialer-list and dialer-group commands,
allow any IP traffic to bring up the line. Ping R1 from R2. After the
ping goes through, run show dialer to see what packets brought the
line up.
All IP traffic is defined as interesting traffic by the dialer-list command, and that list is
called by the dialer-group command. The ping packets bring the line up.
R1#conf t
R1(config)#dialer-list 1 protocol ip permit
R1(config)#interface bri0
R1(config-if)#dialer-group 1
R2#conf t
R2(config)#dialer-list 1 protocol ip permit
R2(config)#interface bri0
R2(config-if)#dialer-group 1
R2#ping 172.12.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms
%LINK-3-UPDOWN: Interface BRI0:1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
R2#
%ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661 R1
It's normal for a ping to be 80 percent successful the first time you
ping a destination. After that, you'll see 100 percent connectivity.
R2#show dialer
BRI0 - dialer type = ISDN
Dial String Successes Failures Last called Last status
8358661 2 0 00:00:04 successful
0 incoming call(s) have been screened.
BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.12.21.2, d=172.12.21.1)
Time until disconnect 117 secs
Connected to 8358661 (R1)
The dial reason in the output of show dialer clearly shows the source (s) and
destination (d) of the packet that caused the line to dial. While it was obvious here why
the line went up, routing protocols send multicasts and broadcasts that can cause such a
line to dial and stay dialed for days, weeks, or even months at a time, which costs a great
deal of money. This command is vital in diagnosing any issue involving an ISDN line
that dials and stays up.
The routers will now authenticate each other with PAP over the ISDN
link. Configure the global command username / password on each
router, naming the remote router as the username and the password
the remote router will be sending as the password. Use
encapsulation ppp and ppp authentication pap to enable each
router to authenticate the other. Have R1 send a password of CCNA
and R2 send a password of CISCO. Use the ppp pap sent-username
command as shown in the following illustration.
Note that you have to manually configure PPP. The default
encapsulation for a Serial or BRI interface is HDLC. You'll also see the
TEI go down and then come back up; that's normal when you change
the encapsulation.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#username R2 password CISCO
R1(config)#int bri0
R1(config-if)#encapsulation ppp
03:45:46: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
03:45:48: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R1(config-if)#ppp authentication pap
R1(config-if)#ppp pap sent-username R1 password CCNA
R1(config-if)#^Z
R1#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#username R1 password CCNA
R2(config)#int bri0
R2(config-if)#encapsulation ppp
03:47:36: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
03:47:37: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R2(config-if)#ppp pap sent-username R2 password CISCO
R2(config-if)#^Z
R2#
Run debug ppp negotiation on R2 and ping R1's BRI interface.
R1#conf t
R1(config)#no username R2 password CISCO
R1(config)#int bri0
R1(config-if)#no encapsulation ppp
R1(config-if)#^Z
R1#
03:56:01: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
03:56:02: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no username R1 password CCNA
R2(config)#interface bri0
R2(config-if)#no encapsulation ppp
R2(config-if)#^Z
03:56:58: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
03:56:59: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
Configure the routers for CHAP authentication. The switch-type, dialer
map statements, and dialer-lists have already been configured. On
both R1 and R2, configure a username / password statement with
the password CCNA. Configure both routers for PPP encapsulation and
CHAP authentication with the encapsulation ppp and ppp
authentication chap commands.
R1#conf t
R1(config)#username R2 password CCNA
R1(config)#interface bri0
R1(config-if)#encapsulation ppp
03:58:58: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to do
03:58:59: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R1(config-if)#ppp authentication chap
R1(config-if)#^Z
R1#
R2#conf t
R2(config)#username R1 password CCNA
R2(config)#interface bri0
R2(config-if)#encapsulation ppp
04:00:00: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
04:00:01: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R2(config-if)#ppp authentication chap
R2(config-if)#^Z
With CHAP, the passwords must be the same. Note that there is no
sent-password command, as there was with PAP.
Run debug ppp negotiation, and ping R1 from R2.
R2#debug ppp negotiation
PPP protocol negotiation debugging is on
R2#ping 172.12.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
04:01:30: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
04:01:30: BR0:1 PPP: Using dialer call direction
04:01:30: BR0:1 PPP: Treating connection as a callout
04:01:30: BR0:1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0 load]
04:01:30: BR0:1 LCP: O CONFREQ [Closed] id 1 len 15
04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
04:01:30: BR0:1 LCP: MagicNumber 0x1158551A (0x05061158551A)
04:01:30: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 15
04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
04:01:30: BR0:1 LCP: MagicNumber 0x1158F056 (0x05061158F056)
04:01:30: BR0:1 LCP: O CONFACK [REQsent] id 1 len 15
04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
04:01:30: BR0:1 LCP: MagicNumber 0x1158F056 (0x05061158F056)
04:01:30: BR0:1 LCP: I CONFACK [ACKsent] id 1 len 15
04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
04:01:30: BR0:1 LCP: MagicNumber 0x1158551A (0x05061158551A)
04:01:30: BR0:1 LCP: State is Open
04:01:30: BR0:1 PPP: P.!hase is AUTHENTICATING, by both [0 sess, 0 load]
04:01:30: BR0:1 CHAP: O CHALLENGE id 1 len 23 from "R2"
04:01:30: BR0:1 CHAP: I CHALLENGE id 1 len 23 from "R1"
04:01:30: BR0:1 CHAP: O RESPONSE id 1 len 23 from "R2"
04:01:30: BR0:1 CHAP: I SUCCESS id 1 len 4
04:01:30: BR0:1 CHAP: I RESPONSE id 1 len 23 from "R1"
04:01:30: BR0:1 CHAP: O SUCCESS id 1 len 4
04:01:30: BR0:1 PPP: Phase is UP [0 sess, 0 load]
04:01:30: BR0:1 IPCP: O CONFREQ [Closed] id 1 len 10
04:01:30: BR0:1 IPCP: Address 172.12.21.2 (0x0306AC0C1502)
04:01:30: BR0:1 CDPCP: O CONFREQ [Closed] id 1 len 4
04:01:30: BR0:1 IPCP: I CONFREQ [REQsent] id 1 len 10
04:01:30: BR0:1 IPCP: Address 172.12.21.1 (0x0306AC0C1501)
04:01:30: BR0:1 IPCP: O CONFACK [REQsent] id 1 len 10
04:01:30: BR0:1 IPCP: Address 172.12.21.1 (0x0306AC0C1501)
04:01:30: BR0:1 CDPCP: I CONFREQ [REQsent] id 1 len 4
04:01:30: BR0:1 CDPCP: O CONFACK [REQsent] id 1 len 4
04:01:30: BR0:1 IPCP: I CONFACK [ACKsent] id 1 len 10
04:01:30: BR0:1 IPCP: Addr!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/49/88 ms
R2#ess 172.12.21.2 (0x0306AC0C1502)
04:01:30: BR0:1 IPCP: State is Open
04:01:30: BR0:1 CDPCP: I CONFACK [ACKsent] id 1 len 4
04:01:30: BR0:1 CDPCP: State is Open
04:01:30: BR0 IPCP: Install route to 172.12.21.1
04:01:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
R2#
04:01:36: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551111 R1
As before, run show dialer to see what interesting traffic brought the link up.
R2#show dialer
BRI0 - dialer type = ISDN
Dial String Successes Failures Last called Last statu
8358661 4 0 00:00:12 successfu
0 incoming call(s) have been screened.
BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.12.21.2, d=172.12.21.1)
Time until disconnect 109 secs
Connected to 8358661 (R1)
BRI0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
The ping packet from R2 was the cause of the line dialing.
Obviously, there's a lot more going on here. Notice the challenges
and responses being sent by both sides.
I recommend you run CHAP by using mismatched passwords, and run
this same debug so you can see what it looks like when there's a
problem with passwords.
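The CHAP exchange in the debug above, reproduced as an added Python example (not part of the workbook) that follows the RFC 1994 packet layout and digest, with a PAP request (RFC 1334) beside it for comparison. The Router class, the function names and the 16-byte challenge size are assumptions of this example; with that size the packet lengths come out as the len 23 and len 4 values seen in the debug.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # CHAP codes (RFC 1994)


def chap_packet(code, ident, value=b"", name=b""):
    """Code(1) Identifier(1) Length(2); codes 1 and 2 add Value-Size(1) Value Name."""
    body = (bytes([len(value)]) + value + name) if code in (CHALLENGE, RESPONSE) else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def split_packet(pkt):
    """Return (code, identifier, value, name) from a Challenge or Response."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[4]
    return code, ident, pkt[5:5 + size], pkt[5 + size:length]


def chap_digest(ident, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Router:
    """Hypothetical stand-in for a router with 'username X password Y' entries."""

    def __init__(self, hostname, users):
        self.hostname = hostname.encode()
        self.users = {u.encode(): p.encode() for u, p in users.items()}
        self.pending = {}                      # identifier -> challenge we issued

    def send_challenge(self, ident):
        self.pending[ident] = os.urandom(16)   # assumed challenge size
        return chap_packet(CHALLENGE, ident, self.pending[ident], self.hostname)

    def answer(self, challenge_pkt):
        _, ident, challenge, peer = split_packet(challenge_pkt)
        secret = self.users.get(peer, b"")     # no entry for the peer: digest cannot match
        return chap_packet(RESPONSE, ident,
                           chap_digest(ident, secret, challenge), self.hostname)

    def verify(self, response_pkt):
        _, ident, digest, peer = split_packet(response_pkt)
        secret = self.users.get(peer)
        challenge = self.pending.pop(ident, None)
        ok = (secret is not None and challenge is not None and
              hmac.compare_digest(digest, chap_digest(ident, secret, challenge)))
        return chap_packet(SUCCESS if ok else FAILURE, ident)


def authenticate(challenger, peer, ident=1):
    """One direction of CHAP. Returns (succeeded, [packets seen on the link])."""
    challenge = challenger.send_challenge(ident)
    response = peer.answer(challenge)
    verdict = challenger.verify(response)
    return verdict[0] == SUCCESS, [challenge, response, verdict]


def mutual_chap(a, b):
    """'AUTHENTICATING, by both': each side challenges the other."""
    ok_a, pkts_a = authenticate(a, b)
    ok_b, pkts_b = authenticate(b, a)
    return ok_a and ok_b, pkts_a + pkts_b


def pap_request(ident, username, password):
    """PAP Authenticate-Request (RFC 1334): the password travels as plain bytes."""
    user, pwd = username.encode(), password.encode()
    body = bytes([len(user)]) + user + bytes([len(pwd)]) + pwd
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


if __name__ == "__main__":
    r1 = Router("R1", {"R2": "CCNA"})
    r2 = Router("R2", {"R1": "CCNA"})
    ok, packets = mutual_chap(r2, r1)
    print("matching passwords:", ok, [len(p) for p in packets])
    print("mismatched passwords:", mutual_chap(r2, Router("R1", {"R2": "CISCO"}))[0])
    print("PAP request bytes:", pap_request(1, "R1", "CCNA"))
```

With matching passwords neither CHAP packet contains the shared password, only a digest tied to that one challenge, while the PAP request carries it verbatim.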
Turn your debugs off with undebug all.
Using ppp multilink and dialer load-threshold, configure the ISDN
interface on R1 to bring up the second B-channel when the first
B-channel reaches 50% of its outbound capacity. You can also change
the dialer idle-timeout default of 120 seconds as shown below.
(Remember that only interesting traffic resets the idle-timeout.)
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface bri0
R1(config-if)#dialer idle-timeout 30 (This value is in seconds, not minutes!)
R1(config-if)#ppp multilink
R1(config-if)#dialer load-thresh 127 ?
  either    Threshold decision based on max of inbound and outbound traffic
  inbound   Threshold decision based on inbound traffic only
  outbound  Threshold decision based on outbound traffic only
R1(config-if)#dialer load-thresh 127 outbound
It's very important that you realize that the value you enter with
dialer load-threshold is a ratio of 255, not 100. If you wanted to
have the second b-channel come up when the first one reaches 75%
capacity, you'd need to enter the number that is 75% of 255, NOT
100.
Also, you must configure ppp multilink to have the second link come
up at the specified capacity level.
The following dialer profile lab is a bonus. It's doubtful you'll be
asked anything about dialer profiles on the CCNA exams, but the
chance is there. Make sure you're proficient with PAP, CHAP, and the
different ISDN show and debug commands covered earlier before
spending time configuring dialer profiles.
On the BRI interface, remove the following: the PPP encapsulation
type, the dialer-map statement, the dialer-group statement, the
dialer-load statement, the IP address, and any commands referencing
PAP or CHAP authentication.
The ISDN switch-type command and username / password
command should remain.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface bri0
R1(config-if)#no encapsulation ppp
R1(config-if)#no dialer map ip 172.12.21.2 name R2 broadcast 8358662
R1(config-if)#no dialer-group 1
R1(config-if)#no dialer load-threshold 127 outbound
R1(config-if)#no ip address
Make sure the TEI comes back up after going down. If it does not, shut and reopen the
BRI interface.
After removing these statements, the running config should show this for the BRI
interface:
interface BRI0
no ip address
isdn switch-type basic-ni
Configure a dialer profile with the command interface dialer 1 on R1.
The IP address that was on the BRI interface will be placed on this
logical interface. Use dialer remote-name to indicate the name of
the remote router to be dialed, and dialer string to configure the
number to be dialed.
R1#conf t
R1(config)#interface dialer 1
R1(config-if)#ip address 172.12.21.1 255.255.255.252
R1(config-if)#dialer remote-name R2
R1(config-if)#dialer string xxxxxxx
R1#conf t
R1(config)#interface dialer1
R1(config-if)#dialer-group 1
The physical BRI interface and logical Dialer interface must now be
linked. Configure Dialer1 with the dialer pool 1 command, then
make the BRI interface a member of that pool with the dialer
pool-member 1 command.
R1#conf t
R1(config)#interface dialer1
R1(config-if)#dialer pool 1
R1#conf t
R1(config)#interface bri0
R1(config-if)#dialer pool-member 1
R2 is still using PPP encapsulation and CHAP authentication; R1 must
also. On both the physical and logical interfaces, configure
encapsulation ppp and ppp authentication chap.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface bri0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config)#interface dialer1
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
When the encapsulation type is changed on the physical interface, the TEI goes up and
down. If the TEI doesn't come back up, open and shut the physical interface. No such
up / down behavior will occur when the encapsulation type is configured on the
logical interface.
Run debug ppp negotiation and ping R2's BRI interface.
R1#debug ppp negotiation
PPP protocol negotiation debugging is on
R1#ping 172.12.21.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
22:12:07: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
22:12:07: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer1
22:12:07: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662
22:12:07: BR0:1 PPP: Phase is AUTHENTICATING, by both
22:12:07: BR0:1 CHAP: O CHALLENGE id 3 len 23 from "R1"
22:12:07: BR0:1 CHAP: I CHALLENGE id 3 len 23 from "R2"
22:12:07: BR0:1 CHAP: O RESPONSE id 3 len 23 from "R1"
22:12:07: BR0:1 CHAP: I SUCCESS id 3 len 4
22:12:07: BR0:1 CHAP: I RESPONSE id 3 len 23 from "R2"
22:12:07: BR0:1 CHAP: O SUCCESS id 3 len 4
22:12:07: BR0:1 PPP: Phase is UP
< The expected series of challenges, responses, and successes occurs. >
R1#show dialer
BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.12.21.1, d=172.12.21.2)
Interface bound to profile Dialer1
Time until disconnect 112 secs
Current call connected 00:00:10
Connected to 8358662 (R2)
Dialer1 - dialer type = DIALER PROFILE
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
The BRI physical interface is bound to Dialer1, the logical interface, and the status of the
Dialer Profile is up as well.
NOTE: If you keep the dialer profile on this router
during the protocol labs, make sure to substitute dialer0 or dialer1,
whichever you named this interface, for bri0 in the passive-interface
command in the following labs.
R3#conf t
R3(config)#enable secret ccna
R3(config)#^Z
R3#logout
The enable secret password has been set. Users will be prompted for this password when
attempting to enter privileged exec mode.
R3 con0 is now available
Press RETURN to get started.
R3>en
Password:
R3#
The user was prompted for the enable secret password before being allowed into
privileged exec mode. The password does not appear as it is being keyed in. The
previously set enable password of cisco no longer works.
A password can also be set for the console. Enter line configuration
mode with the command line console 0, enter login to have the user
prompted for a password when logging on to the console, and use the
password command to set the password.
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#line console 0
R3(config-line)#login
R3(config-line)#password cisco
R3(config-line)#^Z
R3#logout
R3 con0 is now available
Press RETURN to get started.
User Access Verification
Password: < cisco was entered here >
R3>enable
Password: < ccna was entered here. >
R3#
The user is now prompted for the console password before user exec mode can be
accessed. After entering that password, the user is prompted for the enable secret
password to enter privileged exec mode.
Now you've set an enable password, an enable secret password, and a
console password. The final password you need to set is the
password that will be used to authenticate telnet users. (By default,
a Cisco router can support five simultaneous telnet sessions. This
configuration will apply the same password to all five sessions.)
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#line vty 0 4
R3(config-line)#login
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
R3(config-line)#password cisco
It really doesn't matter what order you enter the login command and
the password; as you can see, if you enable login first, you're
reminded that no one can log in until a password is set. By default, a
Cisco router will not allow anyone to connect to it via Telnet
unless a password has been configured on the vty lines.
Encrypting All Router Passwords In The Running Configuration
After configuring a console password and a telnet password, the
passwords appear in the running configuration in clear-text.
R3#show config
< output truncated for clarity >
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
By default, only the enable secret password will be encrypted in the
running configuration. To encrypt all passwords in the running config,
use the global command service password-encryption.
R3#conf t
R3(config)#service password-encryption
R3#show config
service password-encryption
!
line con 0
password 7 10692C2D3C3827392F27040A
login
line aux 0
line vty 0 4
password 7 14343B382F2B
login
!
end
The number you see is the level of encryption, which can range from
0-7. The command service password-encryption gives the
strongest possible encryption level on the router.
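An added audit example (Python, not part of the workbook) that classifies how each password in a configuration like the ones above is stored, without echoing the values. It relies on the standard IOS meaning of the type digit: password 7 is a reversible encoding rather than a hash, while enable secret is stored as a one-way hash. The sample configuration is assembled from this workbook's commands, with a constructed placeholder for the enable secret hash, and the finding names are this example's own.

```python
import re

# Sample input assembled from commands shown in this workbook.
# The enable secret hash is a constructed placeholder, not a real hash.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$SALT$CONSTRUCTEDPLACEHOLDER
username R2 password CISCO
interface BRI0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username R1 password CCNA
!
line con 0
 password 7 10692C2D3C3827392F27040A
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end
"""

# "<password|secret> [type] <value>" at the end of a command line.
PASSWORD_RE = re.compile(r"\b(?P<kw>password|secret)(?: (?P<type>\d+))? (?P<value>\S+)$")


def storage_class(keyword, enc_type):
    """Map the keyword and optional type digit to how the value is stored."""
    if keyword == "secret":
        return "hashed"              # one-way hash
    if enc_type == "7":
        return "type7-reversible"    # encoding that can be reversed, not a hash
    return "cleartext"               # no type digit, or type 0


def audit(config):
    """Return (line_number, context, kind) findings; values are never echoed."""
    findings, context = [], "global"
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line in ("", "!", "end"):
            context = "global"
            continue
        if line.startswith(("interface ", "line ")):
            context = line
            continue
        words = line.split()
        # PAP sends the password across the link unencrypted.
        if words[:2] == ["ppp", "authentication"] and "pap" in words[2:]:
            findings.append((number, context, "pap-cleartext-on-link"))
        match = PASSWORD_RE.search(line)
        if match:
            kind = storage_class(match["kw"], match["type"])
            if kind != "hashed":
                findings.append((number, context, kind))
    return findings


def summarize(findings):
    """Count findings by kind."""
    counts = {}
    for _, _, kind in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for number, context, kind in audit(SAMPLE_CONFIG):
        print(f"line {number:>2}  [{context}]  {kind}")
    print(summarize(audit(SAMPLE_CONFIG)))
```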
Cisco Discovery Protocol
Cisco Discovery Protocol (CDP) runs by default between all directly
connected Cisco devices.
Show cdp neighbor displays all directly connected Cisco routers and
switches. CDP is Cisco-proprietary, so it will not display non-Cisco
devices.
CDP can be disabled at both the global and interface level. To disable
CDP at the interface level, run no cdp enable on the interface, and
cdp enable to turn it back on.
By default, the cdp timer defines how often CDP packets are
transmitted, and cdp holdtime defines how long a device will hold a
received packet.
To turn CDP off for the entire router, run no cdp run. To view the
current global status of CDP, run show cdp.
Run each of these commands on all five of your devices. Practice
turning CDP off and on at the global level and the interface level until
you're very confident that you know which command is which.
R2#show cdp
Global CDP information:
Sending CDP packets every 45 seconds
Sending a holdtime value of 100 seconds
The CDP values have been successfully changed. show cdp interface will give the
timer information for each interface on the router.
R2#conf t
R2(config)#interface bri0
R2(config-if)#no cdp enable
CDP is disabled on the BRI interface. This does NOT have to be done to keep the line
from dialing, as will be shown.
R2#conf t
R2(config)#no cdp run
CDP is disabled globally.
R2#show cdp
% CDP is not enabled
CDP has been successfully disabled.
Knowing which password does what is vital to passing the CCNA
exams. Know how to configure and spot a correctly configured console
password, enable password, and telnet password. And you REALLY
need to know CDP inside and out! There's not much there, but you
gotta know it!
Static Routing Lab
Create a static route on R3 and one on R1 that will allow R3 to
successfully ping R2's loopback interface, 2.2.2.2. The route should
only consider traffic destined for 2.2.2.2. Use show ip route to
display the static routes.
R3#conf t
R3(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.1
R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
S 2.2.2.2 [1/0] via 172.12.123.1
3.0.0.0/27 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
172.12.0.0/24 is subnetted, 2 subnets
C 172.12.13.0 is directly connected, Serial1
C 172.12.123.0 is directly connected, Serial0.31
172.23.0.0/27 is subnetted, 1 subnets
C 172.23.23.0 is directly connected, Ethernet0
R1#conf t
R1(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.2
R1#show ip route
< codes deleted for clarity >
Gateway of last resort is not set
1.0.0.0/27 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
S 2.2.2.2 [1/0] via 172.12.123.2
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.12.13.0/24 is directly connected, Serial1
C 172.12.21.0/30 is directly connected, BRI0
C 172.12.123.0/24 is directly connected, Serial0
Examining the syntax of the ip route commands used in this lab:
R3(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.1
ip route: The command.
2.2.2.2: The destination address.
255.255.255.255: The wildcard mask. This particular mask means that only traffic
destined for 2.2.2.2 will use this static route.
172.12.123.1: The next-hop IP address used to reach the destination.
R1(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.2
ip route: The command.
2.2.2.2: The destination address.
255.255.255.255: The wildcard mask. Again, only traffic destined for 2.2.2.2 will use this
static route.
172.12.123.2: The next-hop IP address used to reach this destination.
On R3, run debug ip packet, then ping 2.2.2.2. The pings will
return successfully, and the packets can be seen leaving and entering
the router. Turn all debugs off with undebug all.
R3#debug ip packet
IP packet debugging is on
R3#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent(5/5), round-trip min/avg/max = 132/136/144 m
R3#
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
R3#undebug all
All possible debugging has been turned off
Remove the static routes with the command no ip route. Replace
them with a static route with a destination and wildcard mask of
0.0.0.0. This route will serve as a default route; to verify this, run
show ip route after configuring these default static routes.
Notice that with static routes, you can configure either a next-hop
address or an exit interface on the end of the static route command.
Here, you'll configure both.
R3#conf t
R3(config)#no ip route 2.2.2.2 255.255.255.255 172.12.123.1
R3(config)#ip route 0.0.0.0 0.0.0.0 serial0.31
R1#conf t
R1(config)#no ip route 2.2.2.2 255.255.255.255 172.12.123.2
R1(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.2
A static route configured with a destination and subnet mask of 0.0.0.0 will serve as a
default route.
Examining the routing table of R3 after configuring the default static route.
R3#show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
172.12.0.0/24 is subnetted, 2 subnets
C 172.12.13.0 is directly connected, Serial1
C 172.12.123.0 is directly connected, Serial0.31
172.23.0.0/24 is subnetted, 1 subnets
C 172.23.23.0 is directly connected, Ethernet0
S* 0.0.0.0/0 is directly connected, Serial0.31
The static route appears on R3 as a candidate default route, and is
then used as the default route. The gateway of last resort is now
set to 0.0.0.0. This is a result of using an exit interface to configure
the static default route, rather than a next-hop IP address.
Examining R1's routing table after configuring the static default route.
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is 172.12.123.2 to network 0.0.0.0
1.0.0.0/27 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.12.13.0/24 is directly connected, Serial1
C 172.12.21.0/30 is directly connected, Dialer1
C 172.12.123.0/24 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 172.12.123.2
R1 is also using the static route as a default route. The gateway of
last resort is set to 172.12.123.2, the next-hop address set in the
static default route.
For your CCNA exams, it's very important to know how to remove a
command, not just enable one. Here, you saw that a static route is
removed with the no ip route command, followed by the static route
being removed. It's the same as configuring a static route; just put
no in front of the entire command.
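The lookup behaviour behind the two masks used in this lab, as an added Python example (not part of the workbook): a simplified model that applies the lab's ip route and no ip route lines to a table, picks the longest matching prefix, and reports the gateway of last resort the way the two show ip route outputs above do. The function names are illustrative; R1_CONNECTED is copied from R1's routing table in this lab.

```python
import ipaddress

def prefix_len(mask):
    """Dotted mask -> prefix length; rejects non-contiguous masks."""
    bits = int(ipaddress.IPv4Address(mask))
    host = bits ^ 0xFFFFFFFF
    if host & (host + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    return bin(bits).count("1")

def apply_config(lines, table=None):
    """Apply 'ip route' / 'no ip route' lines to a {network: target} table."""
    table = dict(table or {})
    for line in lines:
        words = line.split()
        negate = words[0] == "no"
        words = words[1:] if negate else words
        if words[:2] != ["ip", "route"] or len(words) != 5:
            raise ValueError(f"unsupported line: {line!r}")
        dest, mask, target = words[2:]
        # strict=True refuses a destination with host bits set for its mask
        net = ipaddress.ip_network(f"{dest}/{prefix_len(mask)}", strict=True)
        if negate:
            if table.get(net) != target:
                raise ValueError(f"route not present: {line!r}")
            del table[net]
        else:
            table[net] = target
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific entry containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return str(best), table[best]

def gateway_of_last_resort(table):
    """Next hop of the 0.0.0.0/0 route, or 0.0.0.0 if it names an exit interface."""
    target = table.get(ipaddress.ip_network("0.0.0.0/0"))
    if target is None:
        return "not set"
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:  # an exit interface such as serial0.31
        return "0.0.0.0"

# R1's connected networks, copied from its show ip route output in this lab.
R1_CONNECTED = {ipaddress.ip_network(n): i for n, i in [
    ("1.1.1.0/27", "Loopback0"), ("172.12.13.0/24", "Serial1"),
    ("172.12.21.0/30", "BRI0"), ("172.12.123.0/24", "Serial0")]}
```

With only the host route configured, lookup(table, "2.2.2.3") returns None; once the 0.0.0.0 route replaces it, every address without a more specific entry resolves to the default.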
RIP Lab: Configuring RIP Version 1; using show and debug commands.
Remove any existing routing protocol configuration from your network.
Configure RIP version 1 on all three routers. Run RIP over all
interfaces interconnecting the routers, and the loopback interfaces.
R1#conf t
R1(config)#router rip
R1(config-router)#version 1
R1(config-router)#network 172.12.0.0
R1(config-router)#network 1.0.0.0
1d04h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
1d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
Almost immediately after you configure R1 with RIP, you'll see the
ISDN line come up. Why? Run show dialer to see what traffic
brought the link up.
R1#show dialer
BRI0 - dialer type = ISDN
Dial String Successes Failures Last DNIS Last status
5552222 2 0 00:00:08 successful
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.12.21.1, d=255.255.255.255)
Time until disconnect 113 secs
Connected to 5552222 (R2)
The destination 255.255.255.255 brought the link up. RIP version 1
updates are broadcasts. Since all IP traffic was defined as interesting
traffic in the ISDN lab, the link comes up.
RIP has no built-in mechanism for allowing for ISDN links, which is
why you don't see RIP run across very many ISDN links in the first
place. Configure passive-interface bri0 under the RIP router process.
Passive-interface bri0 will allow this interface to accept routing
updates, but not to send them.
R1(config)#router rip
R1(config-router)#passive-interface bri0
Verify this with show ip protocols. Become very familiar with all the
information this command displays.
R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 27 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive version 1
Interface Send Recv Triggered RIP Key-chain
Loopback0 1 1
Serial0 1 1
Serial1 1 1
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
1.0.0.0
172.12.0.0
Passive Interface(s):
BRI0
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 120)
Configure RIP on R2 and R3, enabling RIP on all interfaces. Make the
BRI interface on R2 passive.
R2#conf t
R2(config)#router rip
R2(config-router)#passive-interface bri0
R2(config-router)#version 1
R2(config-router)#network 2.0.0.0
R2(config-router)#network 172.12.0.0
R2(config-router)#network 172.23.0.0
R2(config-router)#^Z
R2#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#version 1
R3(config-router)#network 3.0.0.0
R3(config-router)#network 172.12.0.0
R3(config-router)#network 172.23.0.0
R3(config-router)#^Z
In these labs, you'll hardcode the routers to run RIP version 1, then
RIP version 2. Keep in mind that the RIP default is to send version 1,
and accept versions 1 and 2.
On each router, run show ip route, then show ip route rip. Here only
the output of these commands on R1 will be shown. Note that show ip
route shows all the known routes, where show ip route rip shows only
the RIP-discovered routes.
R1#show ip route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 172.12.123.2, 00:00:20, Serial0
R 3.0.0.0/8 [120/1] via 172.12.13.3, 00:00:02, Serial1
[120/1] via 172.12.123.3, 00:00:02, Serial0
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.12.13.0/24 is directly connected, Serial1
C 172.12.21.0/30 is directly connected, BRI0
C 172.12.123.0/24 is directly connected, Serial0
R 172.23.0.0/16 [120/1] via 172.12.123.2, 00:00:21, Serial0
[120/1] via 172.12.13.3, 00:00:03, Serial1
[120/1] via 172.12.123.3, 00:00:03, Serial0
R1#show ip route rip
R 2.0.0.0/8 [120/1] via 172.12.123.2, 00:00:12, Serial0
R 3.0.0.0/8 [120/1] via 172.12.13.3, 00:00:23, Serial1
[120/1] via 172.12.123.3, 00:00:23, Serial0
R 172.23.0.0/16 [120/1] via 172.12.123.2, 00:00:12, Serial0
[120/1] via 172.12.13.3, 00:00:23, Serial1
[120/1] via 172.12.123.3, 00:00:23, Serial0
Note that equal-cost load balancing, enabled by default in both
versions of RIP, is in effect. R1 has three paths to the Ethernet
segment; one through the frame relay cloud via R2, one through the
frame relay cloud via R3, and one via the point-to-point Serial link to
R3. All three have the same metric of 1, so RIP puts all three of
these routes into the routing table. (Remember that distance-vector
protocols perform equal-cost load balancing by default, over four paths
by default, and this can be changed to a range from one to six paths
with the maximum-paths command.)
Also notice that since RIP version 1 does not support VLSM, you see
classful masks in the routing table for the loopbacks and for the
Ethernet segment.
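Why the version 1 table shows 2.0.0.0/8 and 172.23.0.0/16, as an added Python example (not part of the workbook): a model of the standard classful rule, in which a RIPv1 update carries no mask, so the sender summarizes at a major-network boundary and the receiver infers the mask. The function names are illustrative; R1's interface addresses are taken from the output in this workbook, with the loopback mask assumed from the static route lab's table.

```python
import ipaddress

def major_network(addr):
    """Classful (class A, B or C) network that contains addr."""
    ip = ipaddress.IPv4Address(addr)
    first = int(ip) >> 24
    if first >= 224:
        raise ValueError(f"{ip} is not a class A, B or C address")
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)

def v1_advertise(connected, out_if, split_horizon=True):
    """Connected networks as RIPv1 would list them in an update leaving out_if.
    connected maps interface name -> 'address/prefix'."""
    out = ipaddress.ip_interface(connected[out_if])
    out_major = major_network(out.ip)
    entries = []
    for name, cidr in connected.items():
        if split_horizon and name == out_if:
            continue
        net = ipaddress.ip_interface(cidr).network
        major = major_network(net.network_address)
        if major != out_major:
            entry = ("network", str(major.network_address))  # summarized at the boundary
        elif net.prefixlen == out.network.prefixlen:
            entry = ("subnet", str(net.network_address))  # mask implied by out_if
        else:
            continue  # same major network, different mask: v1 cannot carry it
        if entry not in entries:
            entries.append(entry)
    return entries

def v1_receive(address, in_if_cidr):
    """Network a RIPv1 receiver installs for an address heard on in_if_cidr."""
    in_if = ipaddress.ip_interface(in_if_cidr)
    if major_network(address) == major_network(in_if.ip):
        plen = in_if.network.prefixlen
        net = ipaddress.ip_network(f"{address}/{plen}", strict=False)
        if str(net.network_address) != address:
            plen = 32  # host bits set under the interface mask: host route
    else:
        plen = major_network(address).prefixlen
    return ipaddress.ip_network(f"{address}/{plen}", strict=False)

# R1's interface addresses as they appear in this workbook's output.
R1 = {"Loopback0": "1.1.1.1/27", "Serial0": "172.12.123.1/24",
      "Serial1": "172.12.13.1/24", "BRI0": "172.12.21.1/30"}
```

v1_advertise(R1, "Serial1") yields network 1.0.0.0 and subnet 172.12.123.0, and the /30 BRI network is left out because its mask differs from the outgoing interface's /24.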
Change the maximum number of paths that load-balancing can use on
each router with the maximum-paths command.
R1#conf t
R1(config)#router rip
R1(config-router)#maximum-paths 6
R2#conf t
R2(config)#router rip
R2(config-router)#maximum-paths 6
R3#conf t
R3(config)#router rip
R3(config-router)#maximum-paths 6
View the routing updates by running debug ip rip. Clear the routing
table with clear ip route *, and you'll see the routing process
reinitialize. (Both very important commands, both for your CCNA
exams and for real life.)
R1#debug ip rip
RIP protocol debugging is on
R1#clear ip route *
22:01:04: RIP: sending v1 update to 255.255.255.255 via Serial0 (172.12.123.1)
22:01:04: subnet 172.12.13.0, metric 1
22:01:04: subnet 172.12.123.0, metric 1
22:01:04: network 1.0.0.0, metric 1
22:01:04: network 2.0.0.0, metric 2
22:01:04: network 3.0.0.0, metric 2
22:01:04: network 172.23.0.0, metric 2
22:01:04: RIP: sending v1 update to 255.255.255.255 via Serial1 (172.12.13.1)
22:01:04: subnet 172.12.123.0, metric 1
22:01:04: network 1.0.0.0, metric 1
22:01:04: network 2.0.0.0, metric 2
22:01:06: RIP: sending general request on Loopback0 to 255.255.255.255
22:01:06: RIP: sending general request on Serial0 to 255.255.255.255
22:01:06: RIP: sending general request on Serial1 to 255.255.255.255
22:01:07: RIP: received v1 update from 172.12.123.3 on Serial0
Debug ip rip not only shows you the updates and the broadcasts
being sent and received, but it also helps with troubleshooting.
Are RIP versions 1 and 2 interchangeable? Keep the debug on R1,
change R1's version of RIP to version 2, and clear the routing table.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#^Z
1d04h: %SYS-5-CONFIG_I: Configured from console by console
R1#clear ip route *
< updates will be sent first >
1d04h: RIP: ignored v1 packet from 172.12.13.3 (illegal version)
1d04h: RIP: ignored v1 packet from 172.12.123.3 (illegal version)
R1#undebug all
1d04h: RIP: ignored v1 packet from 172.12.123.2 (illegal version)
R1 is refusing the RIP version 1 updates. The two versions of RIP are
not interchangeable, as you can see by looking at the routing table:
R1#show ip route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.12.13.0/24 is directly connected, Serial1
C 172.12.21.0/30 is directly connected, BRI0
C 172.12.123.0/24 is directly connected, Serial0
The RIP routes are gone.
Remove the RIP process from all three routers with the no router rip
command.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#no router rip
R1(config)#^Z
R1#wr
Building configuration...
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no router rip
R2(config)#^Z
R2#wr
Building configuration...
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#no router rip
R3(config)#^Z
R3#wr
Building configuration...
Lab: Configuring RIP Version 2. Disabling auto-summarization; using text
and MD5 authentication; Troubleshooting RIP with show and debug commands.
Configure RIP version 2 on all three routers. Disable RIP's
auto-summarization feature with no auto-summary. Enable RIP on all
interfaces of each router, including the loopbacks. Prevent the dialer
interfaces from sending RIP version 2 multicasts with the
passive-interface command.
R1#conf t
R1(config)#router rip
R1(config-router)#version 2 < The RIP-enabled interfaces will receive and send version 2 only. >
R1(config-router)#no auto-summary
R1(config-router)#network 172.12.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#passive-interface dialer1
R2#conf t
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#passive-int bri0
R2(config-router)#network 172.12.0.0
R2(config-router)#network 172.23.0.0
R2(config-router)#network 2.0.0.0
R3#conf t
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 172.12.0.0
R3(config-router)#network 172.23.0.0
R3(config-router)#network 3.0.0.0
To verify VLSM support and equal-cost load-balancing, run show ip
route rip on R1.
R1#show ip route rip
2.0.0.0/27 is subnetted, 1 subnets
R 2.2.2.0 [120/1] via 172.12.123.2, 00:00:15, Serial0
3.0.0.0/27 is subnetted, 1 subnets
R 3.3.3.0 [120/1] via 172.12.13.3, 00:00:14, Serial1
[120/1] via 172.12.123.3, 00:00:14, Serial0
172.23.0.0/27 is subnetted, 1 subnets
R 172.23.23.0 [120/1] via 172.12.123.2, 00:00:15, Serial0
[120/1] via 172.12.13.3, 00:00:14, Serial1
[120/1] via 172.12.123.3, 00:00:15, Serial0
VLSM support is evident from the non-classful subnet masks for
networks 2.0.0.0 and 3.0.0.0. Equal-cost load balancing is taking
place as well, with three routes sharing the load from R1 to network
172.23.23.0.
From each router, ping the remote loopback addresses. All pings
should succeed.
You know that RIP version 1 sends updates to 255.255.255.255. What
address does RIP version 2 send updates to? Run debug ip rip, then
run clear ip route * to immediately clear the routing table. (This
command forces the routing protocol to send and request updates
now, rather than waiting for the next regularly scheduled update.)
R1#debug ip rip
RIP protocol debugging is on
R1#clear ip route *
1d04h: RIP: sending request on Loopback0 to 224.0.0.9
1d04h: RIP: sending request on Serial1 to 224.0.0.9
1d04h: RIP: sending request on Serial0 to 224.0.0.9
RIP version 2 multicasts updates to 224.0.0.9.
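Reading these debug captures mechanically, as an added Python example (not part of the workbook): it covers both the "illegal version" messages from the version 1 lab and the 224.0.0.9 requests shown here, inferring the local RIP version from the destination address and listing neighbors whose updates are being ignored. The function names are illustrative, and the sample lines are copied from the debug ip rip output in the two RIP labs and combined into two captures.

```python
import re
from collections import defaultdict

SENT_UPDATE = re.compile(r"RIP: sending v\d update to (\S+) via (\S+)")
SENT_REQUEST = re.compile(r"RIP: sending (?:general )?request on (\S+) to (\S+)")
RECEIVED = re.compile(r"RIP: received v(\d) update from (\S+) on (\S+)")
IGNORED = re.compile(r"RIP: ignored v(\d) packet from (\S+) \(illegal version\)")
# Destination address -> RIP version that uses it, as shown in the two labs.
VERSION_BY_DEST = {"255.255.255.255": 1, "224.0.0.9": 2}

def analyze(lines):
    """Return versions sent per interface and neighbors accepted or ignored."""
    sent = defaultdict(set)
    accepted, ignored = {}, {}
    for line in lines:
        m = SENT_UPDATE.search(line)
        if m:
            dest, ifc = m.groups()
        else:
            m = SENT_REQUEST.search(line)
            if m:
                ifc, dest = m.groups()
        if m:
            if dest in VERSION_BY_DEST:
                sent[ifc].add(VERSION_BY_DEST[dest])
            continue
        m = RECEIVED.search(line)
        if m:
            accepted[m.group(2)] = int(m.group(1))
            continue
        m = IGNORED.search(line)
        if m:
            ignored[m.group(2)] = int(m.group(1))
    return {"sent": dict(sent), "accepted": accepted, "ignored": ignored}

def version_mismatches(report):
    """(neighbor, neighbor's version, local versions) for each ignored neighbor."""
    local = sorted(set().union(*report["sent"].values()))
    return sorted((nbr, ver, local) for nbr, ver in report["ignored"].items())

# Lines copied from the debug ip rip captures in the two RIP labs.
V1_CAPTURE = """\
22:01:04: RIP: sending v1 update to 255.255.255.255 via Serial0 (172.12.123.1)
22:01:06: RIP: sending general request on Serial1 to 255.255.255.255
22:01:07: RIP: received v1 update from 172.12.123.3 on Serial0
""".splitlines()
V2_CAPTURE = """\
1d04h: RIP: sending request on Loopback0 to 224.0.0.9
1d04h: RIP: sending request on Serial1 to 224.0.0.9
1d04h: RIP: sending request on Serial0 to 224.0.0.9
1d04h: RIP: ignored v1 packet from 172.12.13.3 (illegal version)
1d04h: RIP: ignored v1 packet from 172.12.123.3 (illegal version)
1d04h: RIP: ignored v1 packet from 172.12.123.2 (illegal version)
""".splitlines()
```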
Turn your debugs off with undebug all. You can also turn off debugs
on an individual basis by running the command for that particular
debug with no in front of the command.
R1#no debug ip rip
RIP protocol debugging is off
R1#undebug all
All possible debugging has been turned off
IGRP Lab
Remove any previous routing protocol configurations before
proceeding.
Configure IGRP on R1, R2, and R3 with the router igrp 1
command. IGRP will run on all interfaces in the 172.12.0.0
network, the 172.23.0.0 network, and all loopback
interfaces. We don't want IGRP updates to bring the ISDN
line up; configure passive-interface bri0 under the IGRP
process.
R1#conf t
R1(config)#router igrp 1
R1(config-router)#network 172.12.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#passive-interface bri0
The 1 in the router igrp command re